Wireshark mailing list archives
Re: Is this a bug in display filter engine or something I have done wrong?
From: Gilbert Ramirez <gram () alumni rice edu>
Date: Tue, 18 Aug 2015 07:18:51 -0500
Hi Richard. You can use the 'dftest' executable that is built along with Wireshark to convert a display filter string to the byte-code used for the Display Filter Virtual Machine. Do that for for "wlan.dmg_params.bss == 1" and compare that to the output for a similar display filter for another field that is also FT_UINT8. I suspect they will be the same; if so, it wouldn't be an issue within the display filter code. Is there any possibility that add_ff_dmg_params() isn't being called or isn't adding dmg_params to the proto_tree in some cases? Gilbert On Mon, Aug 17, 2015 at 8:51 PM, Richard Sharpe <realrichardsharpe () gmail com
wrote:
Hi folks,
I have the following definition (someone else wrote this piece):
{&hf_ieee80211_ff_dmg_params_bss,
{"BSS Type", "wlan.dmg_params.bss",
FT_UINT8, BASE_DEC, VALS(bss_type), 0x03,
NULL, HFILL }},
and am dissecting this for Probe Response frames depending on whether
or not it is a DMG STA or not (based on the frequency of the STA:
70,000 MHz):
gboolean *p_isDMG =
((gboolean*)(p_get_proto_data(wmem_file_scope(), pinfo, proto_wlan,
IS_DMG_KEY)));
...
if (p_isDMG && *p_isDMG) {
add_ff_dmg_params(cap_tree, tvb, pinfo, offset);
...
This displays correctly, but if we specify a display filter of
wlan.dmg_params.bss == 1 nothing is found.
What do I need to do here to make this work?
--
Regards,
Richard Sharpe
(何以解憂?唯有杜康。--曹操)
___________________________________________________________________________
Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives: https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
mailto:wireshark-dev-request () wireshark org
?subject=unsubscribe
___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: https://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Current thread:
- Is this a bug in display filter engine or something I have done wrong? Richard Sharpe (Aug 17)
- Re: Is this a bug in display filter engine or something I have done wrong? Gilbert Ramirez (Aug 18)
- Re: Is this a bug in display filter engine or something I have done wrong? Richard Sharpe (Aug 18)
- Re: Is this a bug in display filter engine or something I have done wrong? Richard Sharpe (Aug 18)
- Re: Is this a bug in display filter engine or something I have done wrong? Richard Sharpe (Aug 18)
- Re: Is this a bug in display filter engine or something I have done wrong? Richard Sharpe (Aug 18)
- Re: Is this a bug in display filter engine or something I have done wrong? Gilbert Ramirez (Aug 18)
- Re: Is this a bug in display filter engine or something I have done wrong? Alexis La Goutte (Aug 18)
- Re: Is this a bug in display filter engine or something I have done wrong? Richard Sharpe (Aug 18)